all: add custom ip for edns

internal/dnsforward/config.go

@@ -126,12 +126,12 @@ type FilteringConfig struct {
 	// Other settings
 	// --
 
-	BogusNXDomain          []string `yaml:"bogus_nxdomain"`     // transform responses with these IP addresses to NXDOMAIN
-	AAAADisabled           bool     `yaml:"aaaa_disabled"`      // Respond with an empty answer to all AAAA requests
-	EnableDNSSEC           bool     `yaml:"enable_dnssec"`      // Set AD flag in outcoming DNS request
-	EnableEDNSClientSubnet bool     `yaml:"edns_client_subnet"` // Enable EDNS Client Subnet option
-	MaxGoroutines          uint32   `yaml:"max_goroutines"`     // Max. number of parallel goroutines for processing incoming requests
-	HandleDDR              bool     `yaml:"handle_ddr"`         // Handle DDR requests
+	BogusNXDomain    []string         `yaml:"bogus_nxdomain"`     // transform responses with these IP addresses to NXDOMAIN
+	AAAADisabled     bool             `yaml:"aaaa_disabled"`      // Respond with an empty answer to all AAAA requests
+	EnableDNSSEC     bool             `yaml:"enable_dnssec"`      // Set AD flag in outcoming DNS request
+	EDNSClientSubnet EDNSClientSubnet `yaml:"edns_client_subnet"` // Enable EDNS Client Subnet option
+	MaxGoroutines    uint32           `yaml:"max_goroutines"`     // Max. number of parallel goroutines for processing incoming requests
+	HandleDDR        bool             `yaml:"handle_ddr"`         // Handle DDR requests
 
 	// IpsetList is the ipset configuration that allows AdGuard Home to add
 	// IP addresses of the specified domain names to an ipset list.  Syntax:
@@ -146,6 +146,11 @@ type FilteringConfig struct {
 	IpsetListFileName string `yaml:"ipset_file"`
 }
 
+type EDNSClientSubnet struct {
+	Enabled bool   `yaml:"enabled"`
+	Custom  string `yaml:"custom"`
+}
+
 // TLSConfig is the TLS configuration for HTTPS, DNS-over-HTTPS, and DNS-over-TLS
 type TLSConfig struct {
 	cert tls.Certificate
@@ -270,12 +275,20 @@ func (s *Server) createProxyConfig() (conf proxy.Config, err error) {
 		UpstreamConfig:         srvConf.UpstreamConfig,
 		BeforeRequestHandler:   s.beforeRequestHandler,
 		RequestHandler:         s.handleDNSRequest,
-		EnableEDNSClientSubnet: srvConf.EnableEDNSClientSubnet,
+		EnableEDNSClientSubnet: srvConf.EDNSClientSubnet.Enabled,
 		MaxGoroutines:          int(srvConf.MaxGoroutines),
 		UseDNS64:               srvConf.UseDNS64,
 		DNS64Prefs:             srvConf.DNS64Prefixes,
 	}
 
+	if srvConf.EDNSClientSubnet.Custom != "" {
+		_, ipnet, nerr := net.ParseCIDR(srvConf.EDNSClientSubnet.Custom)
+		if nerr != nil {
+			return conf, fmt.Errorf("edns client subnet: %w", nerr)
+		}
+		conf.EDNSAddr = ipnet.IP
+	}
+
 	if srvConf.CacheSize != 0 {
 		conf.CacheEnabled = true
 		conf.CacheSizeBytes = int(srvConf.CacheSize)

internal/dnsforward/http.go

@@ -57,7 +57,7 @@ func (s *Server) getDNSConfig() (c *jsonDNSConfig) {
 	blockingIPv4 := s.conf.BlockingIPv4
 	blockingIPv6 := s.conf.BlockingIPv6
 	ratelimit := s.conf.Ratelimit
-	enableEDNSClientSubnet := s.conf.EnableEDNSClientSubnet
+	enableEDNSClientSubnet := s.conf.EDNSClientSubnet.Enabled
 	enableDNSSEC := s.conf.EnableDNSSEC
 	aaaaDisabled := s.conf.AAAADisabled
 	cacheSize := s.conf.CacheSize
@@ -280,7 +280,7 @@ func (s *Server) setConfigRestartable(dc *jsonDNSConfig) (shouldRestart bool) {
 		setIfNotNil(&s.conf.LocalPTRResolvers, dc.LocalPTRUpstreams),
 		setIfNotNil(&s.conf.UpstreamDNSFileName, dc.UpstreamsFile),
 		setIfNotNil(&s.conf.BootstrapDNS, dc.Bootstraps),
-		setIfNotNil(&s.conf.EnableEDNSClientSubnet, dc.EDNSCSEnabled),
+		setIfNotNil(&s.conf.EDNSClientSubnet.Enabled, dc.EDNSCSEnabled),
 		setIfNotNil(&s.conf.CacheSize, dc.CacheSize),
 		setIfNotNil(&s.conf.CacheMinTTL, dc.CacheMinTTL),
 		setIfNotNil(&s.conf.CacheMaxTTL, dc.CacheMaxTTL),

internal/home/upgrade.go

@@ -22,7 +22,7 @@ import (
 )
 
 // currentSchemaVersion is the current schema version.
-const currentSchemaVersion = 16
+const currentSchemaVersion = 17
 
 // These aliases are provided for convenience.
 type (
@@ -89,6 +89,7 @@ func upgradeConfigSchema(oldVersion int, diskConf yobj) (err error) {
 		upgradeSchema13to14,
 		upgradeSchema14to15,
 		upgradeSchema15to16,
+		upgradeSchema16to17,
 	}
 
 	n := 0
@@ -905,6 +906,47 @@ func upgradeSchema15to16(diskConf yobj) (err error) {
 	return nil
 }
 
+// upgradeSchema16to17 performs the following changes:
+//
+//	# BEFORE:
+//	'dns':
+//	  'edns_client_subnet': true
+//
+//	# AFTER:
+//	'edns_client_subnet':
+//	  'enabled': true
+//	  'custom': ""
+func upgradeSchema16to17(diskConf yobj) (err error) {
+	log.Printf("Upgrade yaml: 16 to 17")
+	diskConf["schema_version"] = 17
+
+	dnsVal, ok := diskConf["dns"]
+	if !ok {
+		return nil
+	}
+
+	dns, ok := dnsVal.(yobj)
+	if !ok {
+		return fmt.Errorf("unexpected type of dns: %T", dnsVal)
+	}
+
+	edns := map[string]any{
+		"enabled": true,
+		"custom":  "",
+	}
+
+	k := "edns_client_subnet"
+	v, has := dns[k]
+	if has {
+		edns["enabled"] = v == true
+	}
+	delete(dns, k)
+
+	diskConf[k] = edns
+
+	return nil
+}
+
 // TODO(a.garipov): Replace with log.Output when we port it to our logging
 // package.
 func funcName() string {

internal/home/upgrade_test.go

@@ -747,3 +747,45 @@ func TestUpgradeSchema15to16(t *testing.T) {
 		})
 	}
 }
+
+func TestUpgradeSchema16to17(t *testing.T) {
+	const newSchemaVer = 17
+
+	defaultWantObj := yobj{
+		"edns_client_subnet": map[string]any{
+			"enabled": true,
+			"custom":  "",
+		},
+		"dns":            map[string]any{},
+		"schema_version": newSchemaVer,
+	}
+
+	testCases := []struct {
+		in   yobj
+		want yobj
+		name string
+	}{{
+		in: yobj{
+			"dns": map[string]any{
+				"edns_client_subnet": true,
+			},
+		},
+		want: defaultWantObj,
+		name: "basic",
+	}, {
+		in: yobj{
+			"dns": map[string]any{},
+		},
+		want: defaultWantObj,
+		name: "default_values",
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			err := upgradeSchema16to17(tc.in)
+			require.NoError(t, err)
+
+			assert.Equal(t, tc.want, tc.in)
+		})
+	}
+}